---
title: OAuth 2.0 scopes policy script API
description: To customize OAuth 2.0 scope decisions, configure the oauth2Scopes policy with an environment script condition that references an OAuth 2.0 policy condition script.
component: pingam
version: 7.5
page_id: pingam:am-authorization:scripting-api-oauth2-policy
canonical_url: https://docs.pingidentity.com/pingam/7.5/am-authorization/scripting-api-oauth2-policy.html
keywords: ["Authorization", "Policy", "OAuth 2.0", "Scope"]
page_aliases: ["authorization-guide:scripting-api-oauth2-policy.adoc"]
---

# OAuth 2.0 scopes policy script API

To customize OAuth 2.0 scope decisions, configure the `oauth2Scopes` policy with an [environment script condition](policies-ui.html#environments) that references an OAuth 2.0 policy condition script.

The following JavaScript writes the ID of the OAuth 2.0 client to the debug log and then authorizes the request:

```javascript
logger.message("Client ID: " + environment.get("clientId"));
authorized=true;
```

OAuth 2.0 policy condition scripts can access the bindings available to the [policy condition script API](scripted-policy-condition.html#scripting-api-policy), except for the `environment` object. Instead of an IP property, this object returns the ID for the client making the authorization request.

For example, the following shows an `environment` map with a single entry:

```none
"environment": {
    "clientId": [
        "MyOAuth2Client"
    ]
}
```